Daily Security Tips from Ed Skoudis - Week of August 19, 2002

Take a tip from Ed Skoudis, one of InformIT's most popular writers, as he shares a daily nugget of his knowledge of information security. Invest a few minutes of your day to learn something new about protecting your information assets.

Security Tip for Friday, August 23rd, 2002

To help stop viruses in their tracks, run anti-virus tools on desktops, file
servers, and mail servers. With new, highly virulent strains, installing them on
desktops alone is no longer enough: some of your user base will inevitably miss
the latest signature updates, and a single unprotected desktop can spread a
worm across a share or a mailing list. Anti-virus on file servers and mail
servers therefore acts as a second line of defense that catches what the
desktop scanners miss.

Security Tip for Thursday, August 22nd, 2002

On all machines connected to your mission-critical networks, such as your
demilitarized zone (DMZ), hard-code the ARP cache tables with static entries.
These tables map the IP address to the physical MAC address of each machine on
a LAN. On each of your Internet-accessible firewalls, routers, DNS servers, web
servers, and mail servers, include the IP-to-MAC address mapping for every
system on that LAN. A static table prevents an attacker on the same segment
from launching an ARP cache poisoning attack, which would let them sniff your
traffic, hijack sessions, or otherwise intercept data. The price is
maintenance: each static entry has to be updated by hand whenever a network
card or machine is replaced, so keep the authoritative mapping in one place you
can regenerate the entries from, and audit the live caches against it.
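As an added example (not code from the original article), here is a small Python audit script that checks a host's live ARP cache against the hand-maintained IP-to-MAC table the tip calls for, and that generates the `arp -s` commands to hard-code it. The `arp -an` output format, the address mapping, and the poisoned cache shown in it are constructed for illustration.

```python
"""Audit a host's ARP cache against a hand-maintained IP-to-MAC table.

Added example, not code from the original article. It assumes the
`arp -an` output format (Linux net-tools / BSD), where a static entry is
marked PERM, and a small constructed DMZ mapping; none of the addresses
are real.
"""
import re
from collections import defaultdict

# Constructed expected mapping for a small DMZ segment (documentation
# address ranges, not real hosts).
EXPECTED = {
    "192.0.2.1":  "00:00:5e:00:53:01",   # firewall / default gateway
    "192.0.2.10": "00:00:5e:00:53:0a",   # web server (this host)
    "192.0.2.20": "00:00:5e:00:53:14",   # mail server
    "192.0.2.30": "00:00:5e:00:53:1e",   # DNS server
}

# Constructed `arp -an` output from the web server. A host at 192.0.2.99
# has poisoned the gateway entry with its own MAC, so frames meant for the
# firewall now go to the attacker.
SAMPLE_ARP = """\
? (192.0.2.1) at aa:bb:cc:dd:ee:ff [ether] on eth0
? (192.0.2.10) at 00:00:5e:00:53:0a [ether] PERM on eth0
? (192.0.2.20) at 00:00:5e:00:53:14 [ether] PERM on eth0
? (192.0.2.30) at 00:00:5e:00:53:1e [ether] on eth0
? (192.0.2.50) at <incomplete> on eth0
? (192.0.2.99) at aa:bb:cc:dd:ee:ff [ether] on eth0
"""

ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})(?P<rest>.*)$"
)


def normalize_mac(mac):
    """Lower-case, colon-separated form so Windows and UNIX styles compare."""
    return mac.lower().replace("-", ":")


def parse_arp(text):
    """Return [(ip, mac, is_static)] from `arp -an` output; incomplete entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            entries.append((m.group("ip"), normalize_mac(m.group("mac")),
                            "PERM" in m.group("rest")))
    return entries


def audit(entries, expected):
    """Compare live cache entries with the expected table.

    Reports mismatched MACs (the poisoning signature), expected hosts whose
    entry is dynamic rather than static, hosts not in the table, expected
    hosts missing from the cache, and MACs claimed by more than one IP.
    """
    expected = {ip: normalize_mac(mac) for ip, mac in expected.items()}
    report = {"mismatch": [], "not_static": [], "unknown": [], "missing": []}
    seen = set()
    by_mac = defaultdict(list)
    for ip, mac, static in entries:
        seen.add(ip)
        by_mac[mac].append(ip)
        if ip not in expected:
            report["unknown"].append((ip, mac))
            continue
        if mac != expected[ip]:
            report["mismatch"].append((ip, expected[ip], mac))
        if not static:
            report["not_static"].append(ip)
    report["missing"] = sorted(ip for ip in expected if ip not in seen)
    report["duplicate_mac"] = {m: ips for m, ips in by_mac.items() if len(ips) > 1}
    return report


def static_arp_commands(expected, windows=False):
    """Commands that hard-code the table on a host (Windows wants dashed MACs)."""
    cmds = []
    for ip, mac in sorted(expected.items()):
        mac = normalize_mac(mac)
        cmds.append(f"arp -s {ip} {mac.replace(':', '-') if windows else mac}")
    return cmds


if __name__ == "__main__":
    for key, value in audit(parse_arp(SAMPLE_ARP), EXPECTED).items():
        print(f"{key}: {value}")
    print("\n".join(static_arp_commands(EXPECTED)))
```

Run it from cron on each DMZ host and alert on anything under mismatch, duplicate_mac or unknown; one MAC showing up under two IP addresses is the classic sign that somebody is answering ARP for a machine that is not theirs. The `arp -s` entries it emits last only until reboot unless you add them to the host's startup scripts.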

Security Tip for Wednesday, August 21st, 2002

When managing your systems remotely across a network, use connections that
provide strong authentication and encryption. For management access, use
Secure Shell (SSH, commercially available at
www.ssh.com or freely at
http://www.openssh.org),
Virtual Private Networks (VPNs), or other strongly authenticated, encrypted
connections. Never, ever telnet to your firewall, directory server, certificate
authority, or other critical systems: telnet sends passwords and commands in
the clear, so sessions can be easily sniffed and hijacked. SSH only delivers
its protection if your clients verify the server's host key; a client that
accepts any key it is offered can still be tricked into talking to an impostor
in the middle.

Security Tip for Tuesday, August 20th, 2002

To prevent attackers from running backdoors on your machines, you must keep
track of what processes are running on your mission-critical systems. Pay
special attention to processes running with root or system privileges and to
those listening on the network. Make sure your system administration team
periodically uses a tool to check running processes and the ports they hold,
such as lsof for UNIX (at freshmeat.net/projects/lsof) or Foundstone's fport
for Windows (at
http://www.foundstone.com/knowledge/proddesc/fport.html),
and compares the results against a known-good baseline of what each system
should be running. Beware of suspicious processes with innocuous-sounding
names, like WIN, SCSI, or UPS. Bear in mind that a rootkit which replaces the
system binaries or patches the kernel can hide processes from these tools, so
run known-good copies from read-only media where you can.
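The periodic check described above, as an added Python example that is not from the article or the lsof project: it parses `lsof -i -P -n` output, compares every listening socket against a baseline of what the host is supposed to run, flags root-owned connections from processes outside that baseline, and matches command names against the watch list of innocuous-sounding names. The lsof column layout is assumed, and the sample output, the baseline and the addresses are constructed to show a planted backdoor.

```python
"""Flag network-active processes that are not in a known-good baseline.

Added example, not code from the original article or the lsof project. It
assumes the column layout of `lsof -i -P -n` (COMMAND PID USER FD TYPE
DEVICE SIZE/OFF NODE NAME, where NODE is the protocol) and a constructed
baseline; the sample output below is made up.
"""

# Constructed baseline: (protocol, local port, command) triples this DMZ
# web server is allowed to have open.
BASELINE = {
    ("TCP", 22, "sshd"),
    ("TCP", 53, "named"),
    ("UDP", 53, "named"),
    ("TCP", 80, "httpd"),
}

# Names from the article's watch list (compared case-insensitively).
SUSPICIOUS_NAMES = {"win", "scsi", "ups"}

# Constructed `lsof -i -P -n` output. The last two rows are a backdoor
# listener and an outbound shell, both hiding behind innocuous names.
SAMPLE_LSOF = """\
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812 root    3u  IPv4   4201      0t0  TCP *:22 (LISTEN)
named    901 named  20u  IPv4   4388      0t0  UDP *:53
named    901 named  21u  IPv4   4389      0t0  TCP *:53 (LISTEN)
httpd   1023 root    4u  IPv4   5123      0t0  TCP *:80 (LISTEN)
httpd   1027 apache  4u  IPv4   5123      0t0  TCP *:80 (LISTEN)
scsi    4711 root    3u  IPv4   9901      0t0  TCP *:31337 (LISTEN)
ups     4720 root    4u  IPv4   9907      0t0  TCP 192.0.2.10:4444->198.51.100.7:53211 (ESTABLISHED)
"""


def parse_lsof(text):
    """Return one dict per socket row: command, pid, user, proto, port, state, addr."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 8)      # NAME may contain a space before the state
        if len(fields) < 9 or fields[0] == "COMMAND":
            continue
        command, pid, user = fields[0], int(fields[1]), fields[2]
        proto, name = fields[7], fields[8]
        parts = name.split()
        addr = parts[0]                   # "local" or "local->remote"
        state = parts[1].strip("()") if len(parts) > 1 else ""
        local = addr.split("->")[0]
        port = int(local.rsplit(":", 1)[1])   # rsplit so [::1]:22 also works
        rows.append({"command": command, "pid": pid, "user": user, "proto": proto,
                     "port": port, "state": state, "addr": addr})
    return rows


def audit_sockets(rows, baseline=BASELINE, suspicious=SUSPICIOUS_NAMES):
    """Return (pid, command, reason) findings for anything outside the baseline."""
    allowed_commands = {cmd for _, _, cmd in baseline}
    findings = []
    for r in rows:
        # UDP sockets have no LISTEN state in lsof; treat every bound UDP port as a listener.
        listening = r["state"] == "LISTEN" or r["proto"] == "UDP"
        if listening and (r["proto"], r["port"], r["command"]) not in baseline:
            findings.append((r["pid"], r["command"],
                             f"unexpected {r['proto']} listener on port {r['port']} as {r['user']}"))
        elif not listening and r["user"] == "root" and r["command"] not in allowed_commands:
            findings.append((r["pid"], r["command"],
                             f"root process with {r['state']} connection {r['addr']}"))
        if r["command"].lower() in suspicious:
            findings.append((r["pid"], r["command"],
                             "innocuous-sounding name from the watch list"))
    return findings


if __name__ == "__main__":
    for pid, command, reason in audit_sockets(parse_lsof(SAMPLE_LSOF)):
        print(f"PID {pid} ({command}): {reason}")
```

Build the baseline from a freshly installed system, keep it under change control, and diff against it rather than eyeballing the raw listing each time. The same logic applies to fport output on Windows once its columns are mapped onto the same fields.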

Security Tip for Monday, August 19th, 2002

To keep up with the latest security issues, subscribe to a vulnerability
mailing list. These lists offer a forum for the disclosure of security problems,
and discussions about patches and other countermeasures. Bugtraq is the best
free vulnerability mailing list, and is one of the most valuable resources in
the information security business. You can find details for subscribing to
Bugtraq at www.securityfocus.com.